<?php
/**
 *	Copyright (c) TeamFlamingo And gray 2004-2009
 *	www.me-live.com.cn / www.i-gray.cn
 *
 *	[ WARNING ]
 *		This is NOT a freeware!
 *		You MUST get author's authorization before using it!
 *	[ WARNING ]
 *
 *	Name : login.php / Development Code Evolve
 *	Created / Modify : -- / 2010-3-24
 */
	//	[CH]	这里判断一下是否有hash值传递过来
	if( !isset( $_POST['hash'] ) || empty( $_POST['hash'] ) || trim( $_POST['hash'] ) == '' || preg_match( "/\W+/i", $_POST['hash'] ) )
	{
		Header( "HTTP/1.0 404 Not Found" );
		exit;
	}

	$hash	=	trim( $_POST['hash'] );

	include	'../init.php';

	if( !extension_loaded( 'memcache' ) )
	{
		$prefix = PHP_SHLIB_SUFFIX == 'dll' ? 'php_' : '';
		if( function_exists( 'dl' ) && @dl( "{$prefix}memcache." . PHP_SHLIB_SUFFIX ) )
			define( 'MEMCACHED_MODULE_LOADED', true );
		else
			define( 'MEMCACHED_MODULE_LOADED', false );
	}
	else
	{
		define( 'MEMCACHED_MODULE_LOADED', true );
	}

	include	ME_CORE . '/memcached.lib.php';
	include	ME_CORE . '/database.lib.php';
	include	ME_CORE . '/common.h.php';

	//	[CH]	判断用户是否已经登录
	isUserLogin();
	if( $_SESSION['auth'] && $hash != getMeHash( 'loginout' ) )
	{
		echo	'Err[3]';
		return;
	}


	//if( $hash == getMeHash( 'do-login' ) )
	switch	( $hash )
	{
		case	getMeHash( 'loginout' )	:
			if( isset( $_SESSION ) && $_SESSION['auth'] == true )
			{
				if( session_destroy() )
					echo	'Err[0]|您已经安全退出，请<span>点击这里</span>或等待[<b>5</b>]秒钟后页面自动刷新';
				else
					echo	'Err[1]|数据清除失败，请重试';
			}
			else
			{
				echo	'Err[3]|发生一个未知的错误';
			}
		break;

		case	getMeHash( 'do-login' )	:
			$args	=	array();
			//	[CH]	过滤post数据
			$args['username']	=	strip_tags( trim( $_POST['username'] ) );
			$args['password']	=	strip_tags( trim( $_POST['password'] ) );
			$args['authcode']	=	strip_tags( trim( $_POST['authcode'] ) );

			if( !isUsername( $args['username'] ) )
				echo	'Err[0]|<span>用户名非法</span>';
			elseif( empty( $args['password'] ) )
				echo	'Err[1]|<span>密码不能为空</span>';
			elseif( !isset( $_SESSION ) )
				echo	'Err[2]|<span>不允许外部提交</span>';
			elseif( $args['authcode'] != $_SESSION['authcode'] )
				echo	'Err[3]|<span>验证码错误</span>';
			else
			{
				$result	=	$db->assoc( $db->query( "SELECT `uid`, `email` FROM `mdk_users` WHERE `username` = '{$args['username']}' AND `password` = '{$args['password']}'" ) );

				if( $result )
				{
					$_SESSION['UID']		=	$result['uid'];
					$_SESSION['email']		=	$result['email'];
					$_SESSION['username']	=	$args['username'];
					$_SESSION['password']	=	$args['password'];
					$_SESSION['loginIp']	=	getUserIp();
					$_SESSION['loginTime']	=	time();
					$_SESSION['auth']		=	TRUE;

					//	[CH]	重建Session并将该ID设为Memcached的Key
					session_regenerate_id();
					$key	=	session_id();

					unset( $_POST, $args );
					//	[CH]	将Session数据写入Memcached
					$db->MC->add( $key, $_SESSION, ME_TIME_OUT );

					echo	'Err[4]|登陆成功！请<span>点击这里</span>或等待[<b>5</b>]秒钟后页面自动刷新';
				}
				else
				{
					echo	'Err[5]|用户名或密码错误，请重试';
				}
			}
			mysql_close();
		break;

		default	:
			echo	'Err[3]';
	}
?>